By Richard Adhikari E-Commerce Times
04/08/09 12:26 PM PT
April 15 is just a week away, and it's a busy time for taxpayers and scammers alike. With everyone busy fussing about e-filing, stimulus checks, federal and state returns, and the often complex business of putting together a proper 1040, those looking to steal taxpayers' personal information for their own gain have a fertile field to plow. Don't get caught up in a scam.
It's tax time again, and the online scammers are crawling out of the woodwork. Their goals are to intercept personal information about taxpayers nationwide, and in some ways, they may be benefiting from the IRS' push for people to electronically file their returns.
Some scammers are "phishing" taxpayers by sending emails that claim to be from the IRS. They might ask for recipients' names, Social Security numbers and addresses in order to claim refunds, or they may ask the recipient to confirm that information.
Many set up fake Web sites offering free tax preparation software or tax prep services.
Others send out emails offering bogus stimulus package payments or tax refunds.
E-Filing: A Mixed Blessing
"Your fast, easy alternative to filing paper returns!" reads the blurb on the IRS page about e-filing for individuals, which boasts that 90 million people used e-file in 2008. The page outlines the benefits to filing one's taxes online, such as faster refunds, greater accuracy, and secure and confidential submission.
Taxpayers have turned to the Web in droves to deal with tax issues. More than 138 million people visited the IRS site in the first three months of this year, compared to 111 million during the same period in 2008, according to the agency.
That's all well and good, but the move to online filing also opens the door to scammers.
Taxpayers should beware of Web sites that may resemble
IRS.gov -- the official IRS Web site -- but end in .com, .net, .org, .biz or any other domain name extension, the IRS warns.
It's easy to spot the fake Web sites, though, because they often ask for visitors' personal and financial information, IRS spokesperson Michelle Lamishaw told the E-Commerce Times. "We do have the information we need normally, and the type of information scammers request is not the information we need, such as passwords of consumers' accounts."
Phishing Lines
Phishing is a type of fraud that occurs when people misrepresent themselves in an effort to get others to tell them sensitive information -- such as usernames, passwords and credit card details. Phishing can be undertaken through email or Web sites designed to get visitors to provide sensitive info in hope of a reward or prize.
The Obama administration's stimulus package has stoked the imaginations of countless phishers.
"There have been many stimulus-related scams out there since the package was announced," David Harley, director of malware intelligence at antivirus vendor
Eset, told the E-Commerce Times.
Often, taxpayers get emails claiming they still have more money from their stimulus checks sitting in the Treasury, and all they have to do is fill out a form with their personal information and fax or email it back, Scott Stevenson, founder and CEO of
EliminateIDTheft, told the E-Commerce Times.
"That's a scam," he said. "The IRS won't ask you for that information."
Emails purporting to be from the IRS are usually flat-out fakes.
"We do not send out emails to the typical taxpayer," the IRS's Lamishaw said, "and we would never send out emails telling taxpayers they're due for a refund or asking them to send us their personal and financial information."
Polishing the Scams
As consumers become more savvy about phishing scams, online fraudsters are doing everything they can to add credibility to their cover stories. For example, many phishing emails include personal information such as the last four digits of the recipients' Social Security numbers, EliminateIdentityTheft's Stevenson said. It may encourage the recipient to let his or her guard down, believing he or she has done business with the sender before.
However, that information is readily available from data brokers.
The growth of social networking sites, whose members readily put information about themselves on the Web, and the frequency of corporate and government data breaches have made such personal information commonplace and cheap. "The price used to be (US)$10 to $20 a name, and now it's $5 to $10 because this information is more readily available now," Stevenson said.
Some scammers are not just content with sending emails claiming to be from the IRS; they add in details to make their emails look more official in order to add credibility. "They use the logo of the IRS or Treasury Department, and sometimes they use the name of a real IRS executive or make up a name," the IRS's Lamishaw said.
For example, one phishing attack from the email address "stumulusref@i-r-s.com" includes an IRS logo, according to a blog post on Eset's Web site by Randy Abrams, the vendor's director of technical education.
No Such Thing as a Free Lunch
Another common scam is to offer free tax preparation software packages online. These contain malware that can infect victims' PCs.
A quick search online for free tax prep wares turned up a plethora of results. Sure, sites for TurboTax and the actual IRS were among the results, but there were also lots of lesser-known sites offering free online tax preparation. Some may be legit companies, others not so much.
"Don't just download the next free tax preparation software package you see," Ryan Barnett, director of application security research at Breach Security, told the E-Commerce Times.
Taxpayers should especially beware of sponsored links on Google (Nasdaq: GOOG) searches, as scammers often invest a few hundred dollars to buy prominent placement and lure in victims.
Taking Action Against Scammers
Those who have received phishing emails or have visited a fraudulent Web site can send the email or the Web site's URL to the IRS at
phishing@irs.gov. If they can provide the email's Internet header, the IRS can trace it back to the hosting server and ask the host to remove that address, the IRS's Lamishaw said.
The IRS also has a page on its Web site explaining how to identify and report online scams. Lamishaw said the IRS will soon post alerts about scams.
Taxpayers looking for a tax filing service should get one approved by the IRS, EliminateIDTheft's Stevenson said. That information is
available on the IRS site.
One other thing taxpayers should do is make sure their computers are not infected with spyware.
"Run a full antivirus and spyware scan," Breach Security's Barnett advised.
New Recession-Era Twist in Cyber-Crime: Preying on Fear March 15, 2009
In these difficult economic times, it's disheartening to know that there are people out there who want to take advantage of our fear for their own nefarious gain. Ray Dickenson, CTO of security firm Authentium, offers some tips for avoiding these hard-times scams.
Related Stories
Prepare Now for New 'Red Flag' Credit Rules December 13, 2008
The burden of protecting customer data falls upon just about any company that provides credit to its customers under new FTC "Red Flag" regulations. Credit-granting entities now have until May 1, 2009 to implement the requirements. It's a good idea to start preparing now, write Tim Mohr and Bob Pearlman of BDO Seidman.
Identity Fraud, Part 3: Taking the Target Off Your Back September 30, 2008
Like a natural disaster, identity fraud can strike just about anyone -- there are no foolproof ways to completely eradicate the risk while living in a modern society. That said, consumers are wise to take as many steps as possible to make themselves less attractive targets -- and to be prepared to react calmly and quickly if they should become victims of this persistent threat.
Identity Fraud, Part 2: Digging Yourself Out of the Wreckage September 29, 2008
Many cases of identity fraud are irritations that can be quickly resolved with minimal expense. However, when your credit rating becomes compromised, cleaning up the mess can be daunting -- and more expensive. Even that ugly scenario pales in comparison to the challenge of clearing your reputation after an identity thief has committed crimes, and been convicted, in your name.
Related News Alerts
More by Richard Adhikari
Ballmer: The Windows 7 Tablet Will Have Its Day July 30, 2010
Microsoft is hard at work on a tablet, it will run Windows 7, and it'll be ready when it's ready -- that was the message CEO Steve Ballmer conveyed to financial analysts Thursday. While the company has been gliding on sales of its Windows 7 operating system, many investors feel it's also missing a big opportunity in tablet computers, the popularity of which is underscored by the rapid ascent of Apple's iPad.
Microsoft's Mobile Morass, Part 1 July 30, 2010
If sales and financial performance say anything, Microsoft has generally corrected its desktop OS course with Windows 7. But the company's growth in mobile appears seriously stunted. The technology it's building into Windows Phone 7 may make it some friends in the enterprise, but the software won't hit the market for months. In tablets, Apple's claimed a big lead, and it looks like Android's already out of the gate too.
Hacker Makes ATMs Cough Up Cash Willy-Nilly July 29, 2010
Using exploits with names like "Scrooge" and "Dillinger," a security researcher presenting at the Black Hat conference demonstrated a way to hack into ATMs, reprogram them to spew money, and even steal unsuspecting users' information. Barnaby Jack says the companies that make the machines he demoed have patched their systems, but similar flaws may remain in other machines.
Headline Feeds
Talkback: 
